Building Highly Secure Cloud-Native Applications on PAS with Ease - Jignesh Sheth & Michael McNichol
Making Applications Secure by Default
Running Secure Microservices on PCF by Default

Reduce Risk in Your App Portfolio
● Keep critical systems at 100% patch levels
● Automate the path to production

Make the Secure Thing, the Easy Thing
● “Secure by default”
● Immutable infrastructure
● Automate dependency management

Keep Up with Industry Regulations & Auditors
● Embedded OS
● Inherited controls
● Use existing IdM policies

Automate the path to production
Security: Providing Authorization Support to Microservices
Every microservice should be able to easily authenticate and make authorization decisions.

Use JWT with OAuth2
JSON Web Token (JWT) is a protocol-independent, JSON-based token that can be passed in HTTP Authorization headers. It is a lightweight solution that does not affect the payload size, and it is language independent.
JWT tokens are created by any OAuth2/OpenID Connect server implementation; PCF’s UAA server is one such OAuth2 provider. The token is sent in the ‘Authorization’ HTTP header along with the HTTP request.
Frameworks like Spring Security make it easy for Spring Boot apps to work with OAuth2 server implementations to create and authenticate JWT tokens.
JWT typically looks like
Scopes for Role Based Access Control
● User allowed to have scope (UAA group)
● Client allowed to have scope (client config)
● User consented client can use scope (to prevent malicious apps) - auto-approve skips this
● Intersection of all the previous scenarios

IDP maps “Groups” to menu.*, order.*
User has “Group”: menu.read, order.admin, order.me
Client: menu.read, order.me
User consents to todo.read
Token only has todo.read
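The scope intersection and the JWT check described on the two slides above, as an added example that is not part of the deck and not UAA or Spring Security code. It stands in a toy HS256 issuer for UAA (real UAA signs with its own keys and the microservice fetches the verification key from it); the signing key, issuer URL, subject and consent set are constructed for the example, and the user groups and client scopes are the ones on the slide.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for the example; a real deployment gets the key and issuer from UAA.
SIGNING_KEY = b"example-shared-secret-not-for-production"
ISSUER = "https://uaa.example.com/oauth/token"


def effective_scopes(user_groups, client_scopes, consented=None, auto_approve=False):
    """Scopes that end up in the token: what the user's UAA groups allow, intersected
    with what the client config allows and, unless the client is auto-approved,
    with what the user actually consented to."""
    scopes = set(user_groups) & set(client_scopes)
    if not auto_approve:
        scopes &= set(consented or ())
    return sorted(scopes)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(sub, scopes, ttl_seconds=600, now=None):
    """Toy issuer: build an HS256 JWT carrying the effective scopes (what UAA does
    with its own keys after the intersection above)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": sub, "scope": list(scopes),
              "iat": now, "exp": now + ttl_seconds}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token, now=None):
    """Microservice side: check structure, pinned algorithm, signature, issuer and
    expiry. Returns the claims, or raises ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    # Pin the algorithm: the token must never choose it (alg=none, key confusion).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SIGNING_KEY, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(parts[1]))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims


def authorize(token, required_scope, now=None):
    """Authorization decision for one endpoint: valid token AND the required scope."""
    try:
        claims = verify_jwt(token, now=now)
    except ValueError:
        return False
    return required_scope in claims.get("scope", [])


if __name__ == "__main__":
    groups = ["menu.read", "order.admin", "order.me"]   # the slide's user groups
    client = ["menu.read", "order.me"]                    # the slide's client config
    scopes = effective_scopes(groups, client, auto_approve=True)
    token = mint_jwt("alice", scopes)
    print(scopes, authorize(token, "order.me"), authorize(token, "order.admin"))
```

The tampered and alg=none cases in the test are the two checks worth keeping in any hand-rolled verifier; in a Spring Boot service the same checks are what the resource server configuration performs for you.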
Universal Identity Service Broker
Demo: Freddy’s BBQ Joint in Action
Demo: End to End Encryption
Demo: Securing downstream system credentials
Demo: End to End Cloud Native Identity Services
Demo: Securing Spring Cloud Services
Cloud-Native Enterprise Security
Repair: Repair vulnerable software (CVEs) as soon as updates are available.
Repave: Repave servers and applications from a known good state. Do this often.
Rotate: Rotate user credentials frequently, so they are only useful for short periods of time.
Configuring Credentials is Hard
Leaking Credentials is Easy & Expensive
97% Unable to identify sophisticated phishing email ~ Intel
1.5MM New phishing sites created each month ~ WebRoot
95% Successful enterprise attacks result of spear phishing ~ SANS Institute
55% Use same password across several accounts ~ Gemalto [Data Breaches & Customer Loyalty]
$3.86 MM Average cost of a data breach ~ IBM Security Research
Rotating Credentials is the Standard
(diagram: masked passwords for linkedin.com)
Using Credentials is Hard
(diagram: the same masked password reused at gmail.com, aws.amazon.com and insecure-server.com)
Sharing Credentials is Hard
(diagram, "Before": an Admin distributes PassA, PassB and PassC for SVC A, SVC B and SVC C directly to the Devs)

Sharing Credentials without Sharing Credentials
Before (cf cups: the credentials land in the app environment in cleartext):
cf cups app-db -p '{"url":...,"username":...,"password":...}'
credentials: { url:OH,username:NO!,password:CLEARTEXT }
After with Credhub (the binding carries only a reference; the secret stays in CredHub):
cf create-service credhub default app-db -c '{"url":...,"username":...,"password":...}'
credentials: { credhub-ref: /c/prophet-db/app-db/credentials }
Creating Services with Credhub
(diagram: Cloud Controller (CC), CredHub Service Broker, CredHub and the Container Orchestration Engine; steps #1-#4)
$ cf create-service credhub mysvc -c ‘secret’
mysvc: ‘secret’
/mycred: ‘secret’
Binding Services with Credhub
(diagram: Cloud Controller (CC), CredHub Service Broker, CredHub, the Cell and MyApp; steps #1-#6, including "Authorize read myapp -> /mycred" and the path /c/service-guid/app-guid/credentials)
$ cf bind-service mysvc myapp
mysvc - myapp
APP_ENV_VARS: { mySvc: { credentials: { credhub-ref: /c/mycred }}}
/mycred: ‘secret’

Runtime
(diagram: the Cell hands the App APP_ENV_VARS: { mySvc: { credentials: { credhub-ref: /c/$path }}})
Simplify Credentials with Credhub
(diagram: Diego resolves the reference against CredHub when the container starts)
$ credhub generate -n "/somepassword" -t "password"
id: 60013e8a-307d-4c0e-b392-14090facbde5
name: /somepassword
type: password
value: <redacted>
version_created_at: "2019-07-07T19:36:15Z"
The binding's credentials: { credhub-ref : /c/$path } are resolved at runtime into credentials: { $password }
IDM: Administration, Rotation / Mgmt
(diagram: masked credentials ***** behind an { isAuthorized } check)
Demo
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Odoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting ServiceOdoo Development Company in India | Devintelle Consulting Service
Odoo Development Company in India | Devintelle Consulting Service
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 

Building Highly Secure Cloud-Native Applications on PAS with Ease - Jignesh Sheth & Michael McNichol

  • 2. Running Secure Microservices on PCF by Default
    PRACTICES: Reduce Risk in Your App Portfolio
    ● Keep critical systems at 100% patch levels
    ● Automate the path to production
    PRACTICES: Make the Secure Thing, the Easy Thing
    ● “Secure by default”
    ● Immutable infrastructure
    ● Automate dependency management
    PRACTICES: Keep Up with Industry Regulations & Auditors
    ● Embedded OS
    ● Inherited controls
    ● Use existing IdM policies
  • 3. Automate the path to production
  • 4. Security: Providing Authorization Support to Microservices
    Every microservice should be able to easily authenticate and make authorization decisions.
  • 5. Use JWT with OAuth2
    JSON Web Token (JWT) is a protocol-independent, JSON-based token that can be passed in HTTP authorization headers. This is a lightweight solution that doesn’t affect the payload size. It’s also language independent.
    The JWT tokens are created by any OAuth2/OpenID Connect server implementation. PCF’s UAA Server is an example of one such OAuth2 provider. The token is sent in the ‘Authorization’ HTTP header attribute along with the HTTP request.
    Frameworks like Spring Security make it easy for Spring Boot apps to work with OAuth2 server implementations to create and authenticate JWT tokens.
  • 6. JWT typically looks like: (token image not captured in the transcript)
    Scopes for Role Based Access Control
    ● User allowed to have scope (UAA group)
    ● Client allowed to have scope (client config)
    ● User consented client can use scope (to prevent malicious apps) - auto-approve skips this
    ● Intersection of all the previous scenarios
    Example:
    IDP maps “Groups” to menu.*, order.*
    User has “Group”: menu.read, order.admin, order.me
    Client: menu.read, order.me
    User consents to todo.read
    Token only has todo.read
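As an added example (not from the talk, UAA or Spring Security), the scope intersection from slide 6 and the resource-side check from slide 5 in Python: effective scopes are computed from the user's groups, the client's allowed scopes and the user's consent, then a bearer JWT carrying them is minted and verified before a scope decision is made. HS256 with a constructed shared key, the `effective_scopes`, `mint_jwt` and `authorize` names, and the sample groups are assumptions; UAA normally signs tokens with an RSA key.

```python
import base64, hashlib, hmac, json, time

def effective_scopes(user_groups, client_scopes, consented, auto_approve=False):
    """Token scopes = user's UAA groups ∩ client's allowed scopes ∩ user consent;
    auto-approve skips the consent step, as the slide says."""
    scopes = set(user_groups) & set(client_scopes)
    if not auto_approve:
        scopes &= set(consented)
    return sorted(scopes)

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_jwt(claims: dict, key: bytes) -> str:
    """Build header.payload.signature as the OAuth2 server would (HS256 assumed here)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def authorize(auth_header, key: bytes, required_scope: str, now=None) -> bool:
    """Microservice-side check: the bearer token in the Authorization header must
    verify against the shared key, be unexpired, and carry required_scope."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return False
    try:
        h, p, s = auth_header[len("Bearer "):].split(".")
        if json.loads(_b64url_decode(h)).get("alg") != "HS256":  # pin the algorithm
            return False
        expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return False
        claims = json.loads(_b64url_decode(p))
    except (ValueError, AttributeError):  # malformed base64, JSON or structure
        return False
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        return False
    return required_scope in claims.get("scope", [])

if __name__ == "__main__":
    # Constructed values: groups the user holds, scopes the client may request, what the user consented to.
    scopes = effective_scopes(["menu.read", "order.admin", "order.me"], ["menu.read", "order.me"], ["menu.read"])
    token = mint_jwt({"sub": "alice", "scope": scopes, "exp": time.time() + 300}, b"constructed-demo-key")
    print(scopes, authorize("Bearer " + token, b"constructed-demo-key", "menu.read"))
```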
  • 8. Demo: Freddy’s BBQ Joint in Action
  • 9. Demo: End to End Encryption
  • 10. Demo: Securing downstream system credentials
  • 11. Demo: End to End Cloud Native Identity Services
  • 12. Demo: Securing Spring Cloud Services
  • 13.
  • 14. Cloud-Native Enterprise Security
    Repair: Repair vulnerable software (CVEs) as soon as updates are available.
    Repave: Repave servers and applications from a known good state. Do this often.
    Rotate: Rotate user credentials frequently, so they are only useful for short periods of time.
  • 16. Leaking Credentials is Easy & Expensive
    97% Unable to identify sophisticated phishing email ~ Intel
    1.5MM New phishing sites created each month ~ WebRoot
    95% Successful enterprise attacks result of spear phishing ~ SANS Institute
    55% Use same password across several accounts ~ Gemalto [Data Breaches & Customer Loyalty]
    $3.86 MM Average cost of a data breach ~ IBM Security Research
  • 18. Rotating Credentials is the Standard
  • 19. Using Credentials is Hard
    (diagram: masked passwords **** **** **** for linkedin.com, gmail.com, aws.amazon.com, insecure-server.com)
  • 20. Sharing Credentials is Hard
    (diagram: Admin and Dev, Dev, Dev sharing PassW, PassA, PassB, PassC with SVC A, SVC B, SVC C)
  • 21. Sharing Credentials without Sharing Credentials
    Before:
      cf cups app-db -p '{"url":...,"username":...,"password":...}'
      credentials: { url:OH,username:NO!,password:CLEARTEXT }
    After, with CredHub:
      cf create-service credhub default app-db -c '{"url":...,"username":...,"password":...}'
      credentials: { credhub-ref: /c/prophet-db/app-db/credentials }
  • 22. Creating Services with CredHub
    $ cf create-service credhub mysvc -c ‘secret’
    (diagram, steps #1-#4: CC, CredHub Service Broker, CredHub, Container Orchestration Engine; mysvc: ‘secret’ stored as /mycred: ‘secret’)
  • 23. Binding Services with CredHub
    $ cf bind-service mysvc myapp
    (diagram, steps #1-#6: CC, CredHub Service Broker, CredHub: mysvc - myapp; Authorize read myapp -> /mycred; /c/service-guid/app-guid/credentials; Cell running MyApp with APP_ENV_VARS: { mySvc: { credentials: { credhub-ref: /c/mycred }}}; /mycred ‘secret’)
  • 24. Simplify Credentials with CredHub
    $ credhub generate -n "/somepassword" -t "password"
    id: 60013e8a-307d-4c0e-b392-14090facbde5
    name: /somepassword
    type: password
    value: <redacted>
    version_created_at: "2019-07-07T19:36:15Z"
    (diagram: Runtime Cell with App and APP_ENV_VARS: { mySvc: { credentials: { credhub-ref: /c/$path }}}; Diego; CredHub { isAuthorized }; credentials: { credhub-ref : /c/$path } becomes credentials: { $password }; IDM Administration: Rotation / Mgmt of ***** values)
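The before/after on slide 21 and the binding flow on slides 23-24, as an added example in Python (not the talk's or CredHub's own code): it audits a VCAP_SERVICES document for bindings that carry cleartext secrets versus a credhub-ref, and simulates the runtime step that swaps the reference for the credential CredHub returns. The VCAP_SERVICES sample, the `audit_bindings` and `resolve_refs` names, the `fetch` callable and the secret-key list are constructed assumptions.

```python
import json

# Constructed VCAP_SERVICES fragment (not a real environment dump): "app-db" was bound
# with `cf cups`, so its secret sits in the app environment; "mysvc" came from the
# CredHub service broker, so the environment only carries a reference.
SAMPLE_VCAP_SERVICES = json.dumps({
    "user-provided": [{"name": "app-db", "credentials": {
        "url": "jdbc:mysql://db.example.test/app", "username": "app", "password": "hunter2"}}],
    "credhub": [{"name": "mysvc", "credentials": {"credhub-ref": "/c/mycred"}}],
})

# Assumed list of credential keys that count as secret material.
SECRET_KEYS = {"password", "secret", "token", "private_key", "client_secret"}

def audit_bindings(vcap_json: str) -> dict:
    """Map each binding name to 'reference' (CredHub ref only), 'cleartext'
    (secret material stored in the app's environment) or 'none'."""
    report = {}
    for bindings in json.loads(vcap_json).values():
        for binding in bindings:
            creds = binding.get("credentials") or {}
            if "credhub-ref" in creds:
                report[binding["name"]] = "reference"
            elif SECRET_KEYS & {k.lower() for k in creds}:
                report[binding["name"]] = "cleartext"
            else:
                report[binding["name"]] = "none"
    return report

def resolve_refs(vcap_json: str, fetch) -> dict:
    """Stand-in for the runtime step on slide 24: each {credhub-ref: path} is replaced
    by the credential returned for that path. `fetch(path)` is a hypothetical callable
    that raises KeyError when the app is not authorized to read the path."""
    services = json.loads(vcap_json)
    for bindings in services.values():
        for binding in bindings:
            ref = (binding.get("credentials") or {}).get("credhub-ref")
            if ref is not None:
                binding["credentials"] = fetch(ref)
    return services

if __name__ == "__main__":
    print(audit_bindings(SAMPLE_VCAP_SERVICES))
    store = {"/c/mycred": {"username": "svc", "password": "<value from CredHub>"}}
    print(resolve_refs(SAMPLE_VCAP_SERVICES, lambda path: store[path]))
```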
  • 25. Demo